On January 16, dosage http://dallassigs.org/components/com_docman/router.php President Museveni was chilling at his upcountry home at Rwakitura, order http://chaidiamond.co.ke/components/com_k2/helpers/route.php Western Uganda.
An aide informed him that European Union election observers led by Mr Eduard Kukan were waiting for him in the compound.
It was just a month to the presidential elections which were held on February 18. At the time, salve there was considerable tension that Uganda would slip into anarchy during the elections.
Opposition strongman Dr Kizza Besigye had warned that should the NRM rig the presidential elections, the people of Uganda would take the matter in their own hands.
The delegation at Rwakitura was accompanied by the European Union head of delegation in Uganda Mr Kristian Schmidt.
Museveni assured the worried observers that the upcoming national elections would be free, fair and conducted without any form of violence.
President Museveni said unlike in the past elections, new measures to ensure that elections are free and fair were introduced, such as using of a single ballot box for all candidates, counting, tallying and announcing of votes at the polling station on the same day and having agents of all candidates countersign on the results declaration forms before ballots are taken.
The President stressed that the electoral measures implemented, the country’s electoral process has greatly improved but admitted that there remain a few challenges.
He for example, noted that in some areas the electoral process depends on the vigilance of the electorate and noted where the citizens are not vigilant criminals engage in multiple voting, while others vote when they are not on the register and also engage in many other electoral offences.
The other challenge, the President admitted, was the struggle to computerize the voters register so as not to depend on human beings who may sometimes be part of the rigging process.
He said that, “although the government is making some stride to computerize the register for easy identification of voter and the transmission of results, there are reports of some groups of criminals working underground to interfere with the computerized process to disrupt the election but noted that they have already been detected and reported and the police is investigating the matter.”
Sources who attended the meeting said after revealing the plot to use technology to interfere with the transmission of results, Museveni keenly studied the body language of the observers and diplomats at the meeting.
Four years earlier, the Uganda Electoral Commission (EC) had started the procurement process for the provider of Electronic Results Transmission and Dissemination System (ERTDS) technology.
Several companies participated in the international bidding process. These included U.S.-based Avante which had supplied the required technology in 2011 elections; Mfi and Scytl.
It is alleged that during the procurement process, a clique of government officials and diplomats influenced the awarding of the contract to Scytl.
According to the terms of contract which Chimpreports Investigations Desk has seen, Scytl would “supply, install and support” the operationalisation of the system.
This meant Scytl would literally be in charge of compiling election results and their transmission to the Electoral Commission’s national tally centre in Kampala.
It further implied that Scytl would as well train EC staff on using the ‘new’ system. Scytl would be in charge.
According to Electoral Commission Secretary, Sam Rwakoojo, when Scytl won the contract, its representatives came to Uganda to start preparations for the implementation of the project.
This meant that EC would hand over all the Ugandan voters’ bio-data to Scytl to allow it execute its mandate.
The Democratic Governance Facility (DGF) which is a pool of funds raised majorly by European Union members, pledged to contribute Shs 4.5bn towards the procurement of the electoral transmission technology.
During meetings with the EC leadership and DGF officials, the contractors said they would first send the election results to a “central command” before being transmitted to the EC national tally office at Mandela National Stadium.
“At first we thought these people were joking because who else apart from Electoral Commission would be the first consumer of the election results?” wondered a high ranking source.
Rwakoojo said Scytl refused to accept EC’s conditions which equally raised more suspicion.
According to highly placed sources, security came in after realising that donors were determined to use Scytl to transmit the results.
An investigation ensued with the view of assessing the security features of Scytl’s system and why it was being favoured by Europeans.
Plot to remove Museveni
The investigation uncovered a carefully planned plot to topple President Museveni in the February 18 elections.
The first discovery was that the Scytl system was manufactured in Spain with collaboration of European officials. It was designed in a way that the Avante infrastructure which EC had used in 2011 would not be applicable. It had to be removed.
This meant Scytl operators would run the entire show using customised software.
Investigators learned that Scytl’s system was so vulnerable that it could give access to hackers or third parties anywhere in the world to access the already established network.
One of the investigators who handled this matter told ChimpReports that Scytl’s system would “provide hacking and intrusion possibilities which could lead to the alteration of records before transmission.”
Scytl went ahead to plant its operators at each of the districts tally centres. There was a possibility that these individuals could easily tap into the system to capture live feeds and alter Declaration Forms as they are scanned.
Alter DR forms
According to Kampala-based information systems expert and an investigator in this saga, Chris Okot, Scytl’s system would allow one use Lightroom software developed by Adobe to erase a DR form, put new records and transmit to the national tally centre at Namboole stadium.
For example if Museveni had 120,000 votes from a district, one could easily erase the results, replacing them with say 70,000 and ensure the appearance of the ‘new DR form’ blends well with the previous one.
The software has a tool known as Clone which allows users to select a certain area of a photo and then select another area to replace it in a space of seconds.
For example, a photographer has just taken a picture of a boat in the water, but later he decides that he just wants the water. He can just select another area of water to cover up the boat.
That was the first threat discovered by investigators in regard to software that would be used by Scytl.
The second threat rotated around the opening and tapping into the system’s hardware keys using the third party.
Okot told us that many ICT specialists had been placed not only in Uganda but also many stations across the world. The databases used could override the entire system, alter and post data.
For purposes of simplicity, a third party who is not authorised to access the election results transmission system would have access to the process using encryption keys supplied by a Scytl insider.
Such an individual, whether in Uganda or as far as Australia would have access to election results data in transit to the national tally centre.
It was also discovered that the Electoral Commission did not have security for its ICT system.
“The EC information systems infrastructure had no central monitoring tool. For example they could not get real time information on entries being made at the district level. They could not protect themselves from intrusion by third parties. EC had loopholes in manpower, network systems and hardware supply, making it vulnerable to a well planned cyber attack and manipulation of results,” recalled Okot.
In short, if the plan had succeeded, EC Chairman Eng Badru Kiggundu and his tally centre officials at Namboole would have received altered results unknowingly due to structural weaknesses in their technology systems.
According to the plotters’ strategy, Museveni would lose the election on the basis of altered results declared by Kiggundu himself!!
Opposition fans would take to the streets in wild celebrations and the international community was obliged to ask Museveni to step down from power or face action just as Ivory Coast leader Laurent Gbagbo was forced out with French warplanes.
On realising all these deficiencies and vulnerabilities of the election transmission system, the suspicious EC decided to cancel Scytl’s contract.
A decision was taken, according to correspondences seen by ChimpReports; to hand the contract to Avante International which had worked quite well in the previous election as Scytl had fallen short of fulfilling its obligations.
The European Union Election Observation Mission EU EOM Preliminary Report on the 2011 elections observed: “The Electoral Commission is to be commended for meeting best international practices by publishing election results polling station by polling station, which ensures full transparency as well as greater confidence and trust in the results for Uganda’s citizens. The introduction of electronic transmission of results from district tally centres to the National Tally Centre marked a further improvement.”
As soon as the contract was cancelled, the European Union’s DGF resource pool said it would not fund Avante. Government had to provide an extra Shs 9bn to the EC to proceed with Avante.
Amidst this scary situation, EC bought what an official described as a “proper system” to manage the unified gateway.
In a recent media interview, Rwakoojo said EC installed the new software on computers at the Electoral Commission district offices to facilitate the transmission of results to the national tally center.
The centralised network prevented “unauthorised access” to the entire transmission system right from the district level. The countrywide monitoring tools helped in preventing intrusion. This meant that no third party could access the system without being identified.
But this was not enough. A ‘unified threat management engine’ was installed on the system servers to enhance network monitoring.
“For example if the server was sending results from locations which are not specified in the systems, EC would get a warning signal,” recounts Okot.
Firewalls which shield systems from hackers and identify thieves and other online threats when connected to an unsecured network were as well loaded on EC computers which would be used to transmit election results.
GIS (Geographic Information System) Software designed to store, retrieve, manage, display, and analyze all types of geographic and spatial data, was equally installed on computers used for election transmission.
Even if a third party stole the Internet Protocol (IP) address and infiltrated the system, results sent to Namboole by any gadget whose GIS system was unknown would be rejected and blocked.
For example, if a London-based hacker disguised as using an IP address of Gulu District EC tally centre to send in results to the national tally centre, that person would lack the GIS coordinate of the commission’s Gulu office. The system’s alarm would go off.
Still on securing the transmission of results, EC would routinely change transmission technology such as from C++, a general-purpose programming language, to Lingual.
Wirelesses access points, Bluetooth and wifi channels were eliminated from district computers.
The experts further eliminated spyware and upgrade requests that pop up on computers. These usually allow hackers access your computer system with ease as long as you agree to the requests.
The district networks and Avante’s laptops had to be reconfigured for a customised election transmission system.
According to sources, the opposition’s allies in Diaspora intended to facilitate what is technically known as ‘network downtime’.
This is the time during which network is out of action or unavailable for use.
This would occur if telecom networks were made busy by over looping intense social media activity into the network to attract public attention due to uncalled for delays.
The IT experts created a ‘redundancy’ which helps to duplicate a piece of hardware (or software) within a system so that if one part fails, the others take over.
If the social media activity had led to a network downtime to cause delays in transmitting election results in some districts, a redundancy would have been used as counter measure. This meant relying on satellites and leased lines.
Threats at tally centre
With the transmission of results secured, exif data software was downloaded onto Electoral Commission’s security gadgets to filter and validate data by verifying trusted sources in form of hardware.
The EC tally centre, according to officials, “received only what could be verified. The system would verify GIS Coordinates of a clerk sending the results from district level (enhanced monitoring).
The special software would as well verify the scanner used to scan DR forms. It will be recalled that all gadgets (computers, scanners, printers etc) being used in the entire election results transmission process had their data (codes, manufacture dates, size etc) recorded.
“If one used a scanner whose details are not recorded in our system to send results, an alarm would go off,” recounted a top EC official.
By the close of February 18, the EC had taken full control of its systems. During the Supreme Court challenging the election of President Museveni, the petitioner did not successful challenge the authenticity of the DR forms in the hands of the Electoral Commission.
Important quotes during the campaigns:
Yoweri Museveni: In the meantime, through intelligence and crime detection, I hear of desperate schemes from the Opposition. Some of the schemes are stated below. Some elements will use Computers to disorganize the voters’ register; they will use the Computers to change the results at the stage of transmission; they will bribe the election officials to rig for them etc., etc. All stand warned. All those involved in those schemes will be held accountable. Moreover, even those who hear of those schemes but do not report, will be held accountable Abaragaine tibetana (a pre –arranged rendezvous excludes any further communication).
Electoral Commission: From the evaluation, Technology Associates Ltd in partnership with SYCTL (based in Spain) was recommended for the award (transmission of results). Consequently, due diligence was done by visiting their Headquarters in Spain and one of their clients in Norway.
On 20th November 2015, technology Associates and SCYTL were invited for contract negotiations and signing. However, during the negotiations, the bidder presented a different solution from what was specified in the tender documents on which they has been evaluated against.
The Counter offer had variations affecting software and hardware as well as attracting extra costs.
Specifically, the proposal to use the call centre to phone in to the National Tally Centre to read results, and also use a centralized Web-based system that required continuous internet connectivity for it to work, was not in the Request For Proposal and therefore, not agreeable to the Commission. The award had to be cancelled.
Mads Mayerhofer, the chairperson of DGF’s Steering Committee on EC’s cancelling of the contract that had been awarded to Scytl in favour of Avante, under suspicious circumstances.
“After careful consideration, DGF decided that the last-minute decision to change provider raised concern as to the transparency of the procurement process as well as the timely implementation of the ERTDS itself,” Ms Mayerhofer told the media.